Automatic updates for packages in CentOS
This guide sets up a tool called
yum-cron which can handle unmanaged updates on your behalf at a scheduled interval. While this guide is for CentOS, you could apply it to other similar distros, such as Amazon Linux 2, Fedora, or Red Hat.
Things before you begin
You should have one of the above distros of Linux, which is connected to the internet.
crond should also be installed and its associated service should be enabled and started.
If you’re going to enable automatic updates, be aware this does carry some risk—I wouldn’t recommend it if you have mission critical software or services running on your machine. Consider running automatic updates on a staging machine and schedule running updates yourself.
- Install the
yum-cronto your needs/wants
- Enable and start the
Installing the package
First off, you should make sure that your system is up to date. On the assumption that you can elevate permissions through
sudo, you can do that by running
sudo yum update .
Once that’s done, you should be able to install
yum-cron with the command
sudo yum install yum-cron.
For the next part, check the contents of your
/etc/yum/ directory. Here’s mine for reference:
$ ls /etc/yum -l total 12 drwxr-xr-x 1 root root 0 Nov 5 01:53 fssnap.d drwxr-xr-x 1 root root 36 Nov 5 01:53 pluginconf.d drwxr-xr-x 1 root root 24 Apr 5 07:23 protected.d drwxr-xr-x 1 root root 30 Apr 5 07:16 vars -rw-r--r-- 1 root root 444 Nov 5 01:53 version-groups.conf -rw-r--r-- 1 root root 2565 Nov 5 01:53 yum-cron-hourly.conf -rw-r--r-- 1 root root 2603 Nov 5 01:53 yum-cron.conf
This means I can configure
yum-cron either on a hourly basis by modifying
yum-cron-hourly.conf, or on a daily basis if I edit
Once you’ve picked the file you want to configure, open it up in an editor of your choice. Here’s what the top part of yum-cron.conf looks like for me:
[commands] # What kind of update to use: # default = yum upgrade # security = yum --security upgrade # security-severity:Critical = yum --sec-severity=Critical upgrade # minimal = yum --bugfix update-minimal # minimal-security = yum --security update-minimal # minimal-security-severity:Critical = --sec-severity=Critical update-minimal update_cmd = default # Whether a message should be emitted when updates are available, # were downloaded, or applied. update_messages = yes # Whether updates should be downloaded when they are available. download_updates = yes # Whether updates should be applied when they are available. Note # that download_updates must also be yes for the update to be applied. apply_updates = no
Now, for most systems I manage, I usually do the following:
security—this allows packages to be automatically updated if they have a security update available
yes—that way updates are installed without any manual process
Save your file, and you should be ready to go!
Running the yum-cron service
Now that you’ve done all that, you actually don’t need to do anything else.
crond.service takes care of the rest, since the
yum-cron package installs some cron services which will run. You can verify this by examining the cron directories in
$ ls -d /etc/*/ | grep 'cron' /etc/cron.d/ /etc/cron.daily/ /etc/cron.hourly/ /etc/cron.monthly/ /etc/cron.weekly/ $ ls -l /etc/cron.daily total 8 -rwxr-xr-x 1 root root 332 Nov 5 01:53 0yum-daily.cron -rwx------ 1 root root 219 Oct 30 19:12 logrotate
By installing a service like
yum-cron, you can keep your systems up to date without having to do it yourself. This isn’t suitable for all situations, but for most cases, it is.